The backup copy of the Citroen 2013-11 service documentation also contains a parts catalog, complete information about parts and labour times, a working search for a model by VIN with decoding for each item, and repair and maintenance documentation.
This blog post aims to increase user awareness of the privacy and security risks of connecting devices to the internet. In this edition, we address Tesla Backup Gateways and identify some key areas where Tesla could improve security and privacy to help customers protect themselves. The security risks associated with these devices have been explored previously by other researchers, as detailed below, and we hope to help boost awareness of their findings and provide some additional insight into the degree of exposure.
Since January 2020, we have tracked 379 total unique Tesla Backup Gateway installations. Of these, a subset are commercial-grade Tesla Powerpacks (very large battery arrays). While these numbers may seem low, the potential for malicious activity leading to serious harm could be great, and is thus worth highlighting and mitigating as soon as possible.
There are various components to the energy install, including a subpanel installed for battery-backed breakers, some AC disconnect switches, the solar inverter, a main subpanel for power-source breakers, and finally the Tesla Backup Gateway. The Tesla Backup Gateway is one of the most interesting pieces of technology in this mix, since it effectively manages three power sources (battery, grid, and solar) with a common software stack, and determines:
The API calls reveal that quite a bit of information can be gleaned from the gateway without authentication. For example, you can retrieve your solar, battery, grid, and home energy statistics simply by querying the /api/meters/aggregates endpoint with cURL:
Even if the gateway were properly secured and all APIs required authentication, our next finding makes that irrelevant: weak default credentials. Home users and installers can log in to the Tesla Backup Gateway using weak credentials, as outlined on the Tesla website.
Moreover, when the Backup Gateway is connected to the LAN, it broadcasts a hostname containing its full serial number. Some home routers, such as Xfinity routers, have been known to leak entire MAC/IP/hostname sets from the LAN to the public internet, and we have observed one instance where this leak occurred. Finally, the Tesla app also shows the serial number in full, and Tesla accounts do not support MFA (yet), which makes phishing another viable attack vector.
It is worth pointing out that logging into a Gateway belonging to someone else, or otherwise without authorization, using these methods likely violates the Computer Fraud and Abuse Act (CFAA) and state law equivalents. This is true even if the credentials are easy to guess, so any testing is best performed on equipment you own, or to which you have authorized access. The purpose of detailing these methods for bypassing the login is to encourage public awareness of the risk.
While investigating exposed Tesla Backup Gateway devices, we also ran into an anomaly: simply requesting /api/ returned a 404 response from the web server on some of these devices. Digging further, we discovered that the reason was that the device was not actually a Gateway but rather a Tesla Powerpack.
Slightly more concerning is that these devices can also speak Modbus and DNP3. In this case, the server was also exposing Modbus on the default port 502, while DNP3 on port 20000 appeared closed (which, according to some additional Tesla documentation, may be because DNP3 is only exposed over serial).
Though placing a Tesla Backup Gateway or Tesla Powerpack on the internet may be tempting, we should remember that the internet is noisy by nature, with lots of unsolicited traffic being passed through various ports on a regular basis. It is never safe to assume that placing a service on a port that is non-standard will prevent it from being discovered. Projects such as zmap and masscan have demonstrated that the entire IPv4 internet can be scanned in under five minutes.
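Because unsolicited traffic from the internet is constant, an owner who has (deliberately or accidentally) exposed a gateway should be able to see it in their own logs. The following is an added example, not code from the original post or from Tesla: it parses constructed Common Log Format access-log lines and constructed netfilter-style firewall lines, and flags requests to the unauthenticated API paths named above (/api/meters/aggregates, /api/) and TCP connection attempts to Modbus 502 and DNP3 20000 that come from outside the operator's own LAN. The LAN prefix 192.168.1.0/24 and the sample addresses are assumptions; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for internet addresses.

```python
"""Exposure detection for a Tesla Backup Gateway / Powerpack from log data.

Added example (not code from the original post or from Tesla). Flags HTTP
requests to the unauthenticated API paths the post describes, and Modbus /
DNP3 connection attempts, that originate outside the operator's own LAN.
All log lines below are constructed samples; LAN_NETWORKS is an assumed
home-network prefix, not anything the post states.
"""
import ipaddress
import re
from collections import defaultdict

# Assumption: the gateway's LAN is 192.168.1.0/24. Anything else is "external".
LAN_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]

# API paths the post shows answering without authentication (/api/meters/aggregates)
# and the /api/ probe that returns 404 on a Powerpack rather than a Gateway.
SENSITIVE_PATHS = {"/api/meters/aggregates", "/api/"}

# Industrial-protocol ports named in the post: Modbus/TCP 502 and DNP3 20000.
ICS_PORTS = {502: "modbus", 20000: "dnp3"}

# Common Log Format: ip ident user [ts] "METHOD path proto" status size
HTTP_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# netfilter-style kernel log fields, e.g. "... SRC=a.b.c.d DST=... PROTO=TCP ... DPT=502 ..."
FW_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dport>\d+)")

# Constructed HTTP access-log sample (203.0.113.0/24 and 198.51.100.0/24 are
# documentation prefixes standing in for internet addresses).
SAMPLE_HTTP_LOG = """\
192.168.1.20 - - [10/May/2020:08:01:12 +0000] "GET /api/meters/aggregates HTTP/1.1" 200 512
203.0.113.45 - - [10/May/2020:08:02:40 +0000] "GET /api/meters/aggregates?x=1 HTTP/1.1" 200 512
203.0.113.45 - - [10/May/2020:08:02:41 +0000] "GET /api/ HTTP/1.1" 404 162
198.51.100.7 - - [10/May/2020:08:05:00 +0000] "GET /favicon.ico HTTP/1.1" 404 162
garbage line that does not parse
"""

# Constructed netfilter-style firewall log sample.
SAMPLE_FW_LOG = """\
May 10 08:03:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.1.10 PROTO=TCP SPT=51234 DPT=502 SYN
May 10 08:03:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.168.1.10 PROTO=TCP SPT=51235 DPT=20000 SYN
May 10 08:03:05 gw kernel: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 PROTO=TCP SPT=40000 DPT=502 SYN
May 10 08:03:09 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 PROTO=UDP SPT=53 DPT=53
"""


def is_external(ip):
    """True when the source address is outside every configured LAN prefix."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LAN_NETWORKS)


def external_api_access(log_text):
    """Map each external source IP to the (path, status) pairs it hit on the
    unauthenticated API. A 200 means data was served without credentials."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = HTTP_RE.match(line)
        if not m:
            continue  # unparsable line: skip, never crash a detector on noise
        path = m.group("path").split("?", 1)[0]  # drop query string before matching
        if path in SENSITIVE_PATHS and is_external(m.group("ip")):
            hits[m.group("ip")].append((path, int(m.group("status"))))
    return dict(hits)


def external_ics_attempts(log_text):
    """Map each external source IP to the ICS protocol names it tried to reach
    over TCP (Modbus on 502, DNP3 on 20000)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = FW_RE.search(line)
        if not m or m.group("proto") != "TCP":
            continue
        port = int(m.group("dport"))
        if port in ICS_PORTS and is_external(m.group("src")):
            hits[m.group("src")].add(ICS_PORTS[port])
    return {ip: sorted(protos) for ip, protos in hits.items()}


if __name__ == "__main__":
    for ip, reqs in external_api_access(SAMPLE_HTTP_LOG).items():
        print(f"[API] {ip}: {reqs}")
    for ip, protos in external_ics_attempts(SAMPLE_FW_LOG).items():
        print(f"[ICS] {ip}: {protos}")
```

Any entry in the API result with status 200 means the gateway served energy data to an address outside the LAN with no credentials, and any entry in the ICS result means an industrial-protocol port is reachable from outside; either is a signal to remove the port-forward or firewall rule rather than to rely on an unusual port number. If the gateway sits behind a reverse proxy, the logged client address will be the proxy's and the LAN check must be applied to the forwarded address instead.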
To harden these devices further and help customers stay safe, Tesla could require installers to set passwords during initial configuration, with no defaults. Tesla is also strongly encouraged to support 2FA on user accounts. Elon Musk hinted on April 22, 2020 that this functionality is coming soon, but even when it arrives it will presumably apply to the mobile apps and Tesla's SaaS, not necessarily to the gateway's private web server, which appears to be completely unintegrated with Tesla SSO.
Prior to publication, we reached out to Tesla's Product Security about this, and they let us know that they are working on further mitigating accidental exposure in some upcoming security features. In the meantime, they let us know that "predictable installer passwords have been fixed for some time on newly commissioned Backup Gateway V1 devices, but some previously commissioned devices still had them, and all online Backup Gateway V1 devices have had their installer passwords randomized." In addition, "all Backup Gateway V2 devices come from the factory with non-predictable random passwords," so that all sounds like good news going forward.
The Lenovo ThinkAgile HX 1U Appliances & Certified Nodes are 2-socket 1U systems that feature the 3rd Generation Intel Xeon Scalable processors and are designed for deploying industry-leading hyperconvergence software from Nutanix on Lenovo enterprise platforms. Nutanix brings the benefits of web-scale technologies to enterprise applications through enterprise storage, data protection, infrastructure resilience, management and analytics, and security.
The 1U systems are available either as an Appliance or Certified Node. HX Appliances deliver fully validated and integrated Lenovo hardware and firmware, certified and preloaded with licensed Nutanix software. They also include ThinkAgile Premier support with one single point of contact for support of the hardware and software. HX Certified Nodes deliver fully validated Lenovo hardware and firmware, certified and can be preloaded with Nutanix software. Certified Nodes do not include licenses to Nutanix software and enhanced software support.
This product guide provides essential pre-sales information to understand the ThinkAgile systems, their key features and specifications, components and options, and configuration guidelines. This guide is intended for technical specialists, sales specialists, sales engineers, IT architects, and other IT professionals who want to learn more about the ThinkAgile HX offerings and consider their use in IT solutions.
Founded in 1910 in Dunmore, Pennsylvania, FNCB Bank is an independent community bank, helping people, businesses and investors reach their financial goals. Serving personal and business banking needs across Northeastern Pennsylvania, FNCB Bank delivers a comprehensive range of mobile, online and in-branch products and services.
How Fraser Health Authority ramped up remote work capabilities rapidly in response to the COVID-19 pandemic with a Lenovo ThinkAgile HX hyperconverged infrastructure, powered by 2nd Gen Intel Xeon Scalable processors, enabling high-quality patient services during a province-wide lockdown.
How Country Garden Group uses a hyperconverged infrastructure platform from Lenovo and Nutanix, powered by 2nd Gen Intel Xeon Scalable processors, to underpin its world leading real estate development projects.
How Shanghai Junai Rehabilitation Hospital used a highly available and cost-effective hyperconverged infrastructure from Lenovo and Nutanix to support its demanding digital healthcare systems, enabling high-quality patient experiences.
How Electro Sur Este S.A.A. overhauled IT operations with Lenovo ThinkAgile HX Series, powered by Nutanix Cloud Platform, enabling the company to respond faster and more flexibly to changing business requirements.
How HC Networks used a hyperconverged infrastructure solution based on Lenovo ThinkAgile HX Series appliances, featuring 2nd Gen Intel Xeon processors and Nutanix software, to bring its virtual desktop infrastructure back in house at reduced cost and complexity.
How Kindai University Hospital uses a hyperconverged infrastructure platform from Lenovo and Nutanix, powered by 2nd Gen Intel Xeon Scalable processors, to simplify IT operations ahead of a major relocation.
How RIKEN KEIKI moved mission-critical business systems to a Lenovo ThinkAgile HX Series hyperconverged infrastructure platform, powered by high-performance 2nd Gen Intel Xeon Scalable processors, to bring its gas inspection and detection solutions to more industrial customers around the world.
How the Pontifical Catholic University of Minas Gerais (PUC Minas) used a hyperconverged infrastructure solution from Lenovo and Nutanix to enable more people to develop new skills and knowledge through online distance-learning degree courses.
How The University of Baltimore used a hyperconverged infrastructure solution from Lenovo to support a VMware Horizon virtual desktop environment, enabling the university to deliver degree programs remotely while keeping costs under control.